IMHO: Winbind in Samba4

Stefan (metze) Metzmacher metze at samba.org
Sun Jan 9 12:33:39 GMT 2005



Gémes Géza wrote:
| Richard Sharpe wrote:
|
|> On Sun, 9 Jan 2005, Simo Sorce wrote:
|>
|>
|>
|>>>> |>>
|>>>> |>>Well, some NAS boxes will be like that. Probably the smaller stand-alone
|>>>> |>>NAS boxes. However, larger NAS boxes are most likely to be a member
|>>>> |>>server.
|>>>> |>
|>>>> |>Same thing, the NAS box will have a local SAM anyway, and may well
|>>>> |>consider its SAM + the DC SAM to be authoritative, and never require you
|>>>> |>to do the round-trip, but go directly to ask winbindd.
|>>>> |
|>>>> |
|>>>> | Ummm, we do not want a local SAM. All account and group information should
|>>>> | be in LDAP or NIS and the PDC's SAM.
|>>>>
|>>>> then just don't use it, there'll be only the builtin aliases and the local administrator
|>>>> and guest (disabled) by default.
|>>>> (just like a just installed windows member server)
|>>>>
|>>>
|>>> Sure, I was just pointing out to Simo that there are many ways that people
|>>> want to use these things.
|>>>
|>>
|>> I know, people generally do not want to manage users on a NAS box, but
|>> NASes are just one of the targets of samba4.
|>> We need to be as compatible as we can, so we will implement all that is
|>> necessary and probably something more :-)
|>>
|>
|>
|> Ahhh, so we are in violent agreement then :-)
|>
|> Regards
|> -----
|> Richard Sharpe, rsharpe[at]richardsharpe.com, rsharpe[at]samba.org,
|> sharpe[at]ethereal.com, http://www.richardsharpe.com
|>
|>
|>
| This is how I could imagine the Samba4 Winbind and *nix OS interaction
| (see attached ASCII graphic)
| With storing posix attributes in Samba4's LDAP server winbind's job is
| just to retrieve them, much like the nss_ldap does, the only difference
| being in doing a recursive search for group membership.
| Maybe better to get a ticket on behalf of the user, and look up the SIDs
| obtained from the PAC, to get the uid and gids, and corresponding posix
| attributes.

Why do you want to have a difference between the cases if you have a samba4 dc or a ms dc?
I think we should handle both the same way.

And also winbind should export the local SAM (dsdb) accounts and groups directly from the database.

--
metze

Stefan Metzmacher <metze at samba.org> www.samba.org

